Target Industry
Indiscriminate, opportunistic targeting.
Overview
Ivanti has rolled out an update to mitigate a critical vulnerability and a high-severity flaw within Ivanti Connect Secure, Policy Secure, and ZTA Gateways. The critical vulnerability, identified as CVE-2025-0282, could potentially allow unauthenticated remote code execution if successfully exploited. Additionally, the high-severity vulnerability, CVE-2025-0283, could enable a local authenticated attacker to escalate privileges.
Impact
If the vulnerability CVE-2025-0282 is successfully exploited, an attacker could execute arbitrary code on the affected system, potentially leading to complete system compromise. This could result in unauthorised access to sensitive data, system modifications, or service disruptions. The network attack vector and lack of user interaction required increase the risk of widespread exploitation.
The privilege escalation vulnerability identified as CVE-2025-0283, although requiring authenticated local access, can grant full administrative rights to an attacker, enabling them to conduct malicious configurations or inject harmful code.
Vulnerability Detection
The following products and versions are affected:
· Ivanti Connect Secure versions prior to 22.7R2.5
· Ivanti Policy Secure versions prior to 22.7R1.2
· Ivanti Neurons for ZTA Gateways versions prior to 22.7R2.3
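The following is an added example, not part of the original advisory and not Ivanti tooling: a triage script that applies the "prior to" thresholds listed above to an appliance inventory. The version layout `<major>.<minor>R<release>[.<patch>]` is an assumption inferred from the version strings on this page, and the inventory hostnames and versions are constructed.

```python
import re

# Fixed-version thresholds as stated on this page ("versions prior to X" are affected).
FIXED = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.2",
    "Ivanti Neurons for ZTA Gateways": "22.7R2.3",
}

# Assumed layout, inferred from the strings above: <major>.<minor>R<release>[.<patch>]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, release, patch) as ints, or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    # A missing patch component is treated as 0, so "22.7R2" sorts before "22.7R2.5".
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def triage(product, version):
    """Classify one appliance as 'affected', 'fixed' or 'unknown'."""
    fixed = FIXED.get(product)
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"  # never report an unrecognised product or build as safe
    # Numeric tuple comparison: a plain string compare would rank 2.10 below 2.5.
    return "affected" if parsed < parse_version(fixed) else "fixed"


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("vpn-edge-01", "Ivanti Connect Secure", "22.7R2.4"),
    ("vpn-edge-02", "Ivanti Connect Secure", "22.7R2.10"),
    ("nac-01", "Ivanti Policy Secure", "22.7R1.1"),
    ("zta-gw-01", "Ivanti Neurons for ZTA Gateways", "22.7R2.3"),
    ("vpn-lab-01", "Ivanti Connect Secure", "22.7r2.5-build"),
]


def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(product, version) for host, product, version in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual version check rather than being treated as patched.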
Exploitation
There is no evidence that a public proof-of-concept exists for CVE-2025-0282 or CVE-2025-0283. CVE-2025-0282 is being actively exploited in the wild and was added to the CISA Known Exploited Vulnerabilities list. CVE-2025-0283 impacts the same versions as CVE-2025-0282 but has not been observed in exploitation.
Containment, Mitigations & Remediations
- Ivanti Connect Secure: Upgrade immediately to version 22.7R2.5 to mitigate this vulnerability.
- Ivanti Policy Secure: A patch is scheduled for release on 21st January 2025. Ivanti strongly advises ensuring the product is not exposed to the internet and is configured per best practices.
- Neurons for ZTA Gateways: The fix will be available on 21st January 2025. The risk is mitigated when the gateway is connected to a ZTA controller.
Indicators of Compromise
No indicators of compromise (IoCs) are available currently.
Threat Landscape
Ivanti’s products, including Connect Secure and Policy Secure, are widely deployed in enterprise environments across various sectors, including government, healthcare, financial services, energy, and education. These solutions enable secure remote access and support for zero-trust access frameworks, making them high-value targets for cyber attackers.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
Further Information
1. https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways#new_tab
2. https://socradar.io/ivanti-zero-day-in-connect-secure-sonicwall-ssl-vpn/
3. https://nvd.nist.gov/vuln/detail/CVE-2025-0282
4. https://nvd.nist.gov/vuln/detail/CVE-2025-0283
5. https://www.cisa.gov/news-events/alerts/2025/01/08/ivanti-releases-security-updates-connect-secure-policy-secure-and-zta-gateways
















